Password Protect - An Open Source Application - Developers

This a password storing application much like any other, the main difference is it is open source and so you guys can mod it or find ways to hack it. It only started development at 9:00 PM Last night. I have been working on it for about 1 hour so far. I could do with some help though. I am creating a "New User" Button. I want this to check the passwords and username and if they are OK then a name is added to a local database. I will provide the code for you, I have 2 problems... How would I build a local database to store data Something must be wrong with my code, it says the passwords don't match even if the do... Language is C# [code] using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows.Forms; namespace Password_Protect { public partial class NewUserForm : Form { public NewUserForm() { InitializeComponent(); } private void button1_Click(object sender, EventArgs e) { if (NewUserPassword.Text.Equals(NewUserPasswordConfirm)) { MessageBox.Show("Passwords Match"); MessageBox.Show("A new account has been made called" + NewUserUser); } else { MessageBox.Show("Your Passwords do not match!"); } } } } [/code]

So you've written 10 lines of code so far?

Why NewUserPassword.Text.Equals when == exists?

Sorry, New to C#, also, I have only been working on it an hour and this is only one of the forms, I currently have 3 [editline]06:36PM[/editline] [QUOTE=Dlaor;17121866]Why NewUserPassword.Text.Equals when == exists?[/QUOTE] Could you show me this when used?

can easily be reversed :P

Why did you think this was worth posting? Most Visual Basic "browsers" have more code and effort put into them.

Sorry, It's still only in the very early stages, I've added a bit more work but I still need to know how to add some form of a database, I don't want it to be accesable online but on 1 pc only. I can give you the source code to show you what I've done, not much but still. This is only 1 of my 4 forms. It's my Birthday in 15 days and so I'm getting a [url=http://www.amazon.co.uk/Head-First-C-Andrew-Stellman/dp/0596514824/ref=sr_1_1?ie=UTF8&s=books&qid=1252096559&sr=1-1]Head First C#[/url] so I can hopefully get a good knowlege of the language and make better apps, I just wanted to make this as my first one (in C#) [code] using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows.Forms; namespace Password_Protect { public partial class NewUserForm : Form { public NewUserForm() { InitializeComponent(); } private void button1_Click(object sender, EventArgs e) { this.label2.ForeColor = System.Drawing.SystemColors.ControlLightLight; this.label3.ForeColor = System.Drawing.SystemColors.ControlLightLight; this.label4.ForeColor = System.Drawing.SystemColors.ControlLightLight; if (NewUserUser.Text.Equals("")) { MessageBox.Show("You need a username!"); this.label2.ForeColor = System.Drawing.Color.Red; } else { if (NewUserPassword.Text.Equals(NewUserPasswordConfirm.Text)) { MessageBox.Show("A new account has been made called " + NewUserUser.Text); } else { MessageBox.Show("Your Passwords do not match!"); this.label3.ForeColor = System.Drawing.Color.Red; this.label4.ForeColor = System.Drawing.Color.Red; this.label5.ForeColor = System.Drawing.Color.Red; } } } } } [/code]

Sorry that I was so harsh. I just think it's a bit early to make a thread for it. Anyway, good luck with it. :smile:

[QUOTE=Robber;17126188]Sorry that I was so harsh. I just think it's a bit early to make a thread for it. Anyway, good luck with it. :smile:[/QUOTE] Haha, did you just win the lottery?

[QUOTE=Loli;17125788]It's my Birthday in 15 days and so I'm getting a [url=http://www.amazon.co.uk/Head-First-C-Andrew-Stellman/dp/0596514824/ref=sr_1_1?ie=UTF8&s=books&qid=1252096559&sr=1-1]Head First C#[/url] so I can hopefully get a good knowlege of the language and make better apps, I just wanted to make this as my first one (in C#) [/QUOTE] Happy Birthday [url]http://www.robmiles.com/c-yellow-book/[/url]

[quote=bean_xp;17127364]happy birthday [url]http://www.robmiles.com/c-yellow-book/rob%20miles%20csharp%20yellow%20book%202008.pdf/[/url][/quote] 404

Just remove the last '/'.

[QUOTE=Loli;17121791] How would I build a local database to store data [/QUOTE] There are many options in this situation, but the general division is between binary data and ascii, you have to decide which format you're going to store in. Each has it's pro's and con's. Binary is great for quickly reading and writing data, and includes a [i]little[/i] difficulty to hack due to the nature of the format. You could write your own binary format, or rely on other libraries. A couple I can think of off the top of my head are Google [url=http://code.google.com/p/protobuf-net/]Protocol Buffers[/url], and [url=http://www.codeproject.com/KB/cs/objserial.aspx].NET's Binary Serialization[/url]. On the ascii side of things, this format is generally used for storing data that can easily be edited by an outside user. Due to the nature of parsers and lexers, this format is bound to be much slower to load and save than binary. A few options include writing your own ascii format, and [url=http://devhood.com/tutorials/tutorial_details.aspx?tutorial_id=236]XML Serialization[/url]. In your case, I'd generally go for the binary method, preferably in your own format. Along with just storing your passwords, you must understand some basic cryptography, there are methods in which create a one-way hash of a value which is made to be unique (with a high probability). Think of it like this (this is a pseudo-example): Input Output "A password" -- hash --> 28392839 "Another password" -- hash --> 83728392 The only way to obtain a hash of 28392839 is to give it an input of "A password". So if you store the value of 28392839 in your database, you can hash the inputs provided by the user and compare them to the stored 28392839 hash. For more information on this subject, I'd recommend reading around Wikipedia to get general sense of it: [url]http://en.wikipedia.org/wiki/Cryptographic_hash_function[/url] [b]Edit[/b]: The portion of cryptography above is only for hashes which would allow access to a database, for storing passwords you would want to look at encryption and decryption (of which I'm not familiar with). [url]http://www.codeproject.com/KB/security/RSACryptoPad.aspx[/url] might be a good source of information, at first glance is looks confusing but maybe that's just how it is (and why I still don't understand it.) :) The general process for doing this in code is through classes in [url=http://msdn.microsoft.com/en-us/library/system.security.cryptography.aspx]System.Security.Cryptography[/url]. For the utmost in security, I'd recommend [url=http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256managed.aspx]SHA256Managed[/url], or even [url=http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha512managed.aspx]SHA512Managed[/url]. [QUOTE=Loli;17121791] Something must be wrong with my code, it says the passwords don't match even if the do... [/QUOTE] Based on the language settings of your system, the strings could be compared using incorrect culture info. The best bet when comparing strings is to pass a [url=http://msdn.microsoft.com/en-us/library/system.stringcomparison.aspx]StringComparison[/url]value as the second parameter for the Equals function. Here's the method for comparing strings based on ordinal (character values) rules: [cpp] string a = "one string"; string b = Console.ReadLine(); if (a.Equals(b, StringComparison.Ordinal)) { // strings are equal } [/cpp] [QUOTE=Dlaor;17121866]Why NewUserPassword.Text.Equals when == exists?[/QUOTE] the == operation calls Equals with default comparison rules anyway. [cpp] [Serializable, ComVisible(true)] public sealed class String : IComparable, ICloneable, IConvertible, IComparable<string>, IEnumerable<char>, IEnumerable, IEquatable<string> { // the operator public static bool operator ==(string a, string b) { return Equals(a, b); // this calls the static equals method } // this method is called when using operator == public static bool Equals(string a, string b) { return ((a == b) || (((a != null) && (b != null)) && EqualsHelper(a, b))); // note the EqualsHelper call. } // this directly uses the EqualsHelper call without an additional function inbetween [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] public bool Equals(string value) { if ((value == null) && (this != null)) { return false; } return EqualsHelper(this, value); } } [/cpp] Furthermore, when using the equality operator on a large number of strings, the function call overhead can often slow down the process. The Equals function is often the best method when dealing with a high volume of strings. [QUOTE=efeX;17124008]can easily be reversed :P[/QUOTE] Correct me if I'm wrong, but If a user password is required to decrypt passwords, reversing the executable wouldn't be of much help other than determining how it is encrypted? A potential attacker would still need to figure out the password used to encrypt the stored passwords.

[QUOTE=Loli;17121791][code] private void button1_Click(object sender, EventArgs e) { if (NewUserPassword.Text.Equals(NewUserPasswordConfirm)) { MessageBox.Show("Passwords Match"); MessageBox.Show("A new account has been made called" + NewUserUser); } else { MessageBox.Show("Your Passwords do not match!"); } } [/code][/QUOTE] If NewUserPasswordConfirm is a textbox, you're saying "Is NewUserPassword.Text (string value) equal to object NewUserPasswordConfirm". You need to put a .Text on the NewUserPasswordConfirm, to compare the two strings: [code] private void button1_Click(object sender, EventArgs e) { if (NewUserPassword.Text.Equals(NewUserPasswordConfirm.Text)) { MessageBox.Show("Passwords Match"); MessageBox.Show("A new account has been made called" + NewUserUser); } else { MessageBox.Show("Your Passwords do not match!"); } } [/code]

You call it open-source, but you haven't released the whole source...

[QUOTE=jA_cOp;17132366]You call it open-source, but you haven't released the whole source...[/QUOTE] Depends on the license. And he doesn't need to post all the code in a forum.

[QUOTE=PvtCupcakes;17132614]Depends on the license. And he doesn't need to post all the code in a forum.[/QUOTE] Well, since there is no licence, it's not open source.

Voided, You are a legend. You should work as a proggrammer. Robber, thanks, now I don't think you're a complete douche. jA_cOp, The source will be released when finished and also, have I played G-Mod with you in the past? CrowsCanFly, Thanks but I already fixed it, I did exactly what you said just like an hour before you said it :P Gonna get back to work on it now.

[QUOTE=Loli;17137004]Voided, You are a legend. You should work as a proggrammer.[/QUOTE] Gee I wonder.

I actually like this sort of devlog style thread, we need more of these.

[QUOTE=jaybuz;17127046]Haha, did you just win the lottery?[/QUOTE] I don't get it. :downs:

I'd use private bool: [code] private bool checkPass(string input, string password) { if( input != password) { return false; } else { return true; } } [/code] The impliment like this: [code] if( checkPass(txt_password.Text, "My1337Password") == true) { MessageBox.Show("Password correct!"); } else { MessageBox.Show("Password incorrect"); } [/code]

No.

[QUOTE=ODSTDare;17143293]I'd use private bool: [code] private bool checkPass(string input, string password) { if( input != password) { return false; } else { return true; } } [/code] The impliment like this: [code] if( checkPass(txt_password.Text, "My1337Password") == true) { MessageBox.Show("Password correct!"); } else { MessageBox.Show("Password incorrect"); } [/code][/QUOTE] [code] if (txt_password.Text == "My1337Password") { MessageBox.Show("Password Correct."); } else { MessageBox.Show("Password Wrong."); } [/code] Why make a new method just to do a simple equal or not equal? I gave you a box to put your function in.

[QUOTE=Loli;17137004]jA_cOp, The source will be released when finished and also[/QUOTE] At first glance, it looked kind of like a release thread. Perhaps because of Robber's comment. [QUOTE=Loli;17137004]have I played G-Mod with you in the past?[/QUOTE] I haven't played Garry's Mod online in years, so it would be a very long time ago. I don't remember playing with anyone with the nick "Loli" anyway.

[QUOTE=jA_cOp;17145543]At first glance, it looked kind of like a release thread. Perhaps because of Robber's comment.[/QUOTE] Sorry?

[QUOTE=Robber;17145579]Sorry?[/QUOTE] Why would you apologise for that? I said it confused me, not that I found it offensive or whatever.

[QUOTE=jA_cOp;17145607]Why would you apologise for that? I said it confused me, not that I found it offensive or whatever.[/QUOTE] Well, it was kinda offensive.

group hug

Thanks everyone for your umm... constructive criticism, I have recently been working on adding a small database so as to store multiple users. This would allow many people to store passwords. For example... User1 - Password - Google Mail Password User 2 - Password - Google Mail Password Unfortunately I am not hosting a databse so you cannot connect to the internet meaning you have to carry a pendrive round with your data on... Or you could upload it online somewhere and just download the Database!